The Cyberspace Solarium Commission report offers over 80 recommendations and dozens of legislative proposals on cybersecurity. As policymakers review it, questions are mounting about the process to implement them.
Some recommendations seem likely candidates for inclusion in the National Defense Authorization Act (NDAA), one of the few pieces of “must pass” legislation every year, but this may provide little opportunity for input on new obligations.
The NDAA has become a vehicle to regulate private sector activity. Commissioners and staff of the Solarium Commission made clear that many of its recommendations would be targeted for inclusion in the NDAA. Despite the Covid-19 pandemic, the fiscal year 2021 NDAA is moving and it is likely to contain—for better and worse—obligations for the private sector.
But, the process to draft the NDAA is not as transparent as other legislation and may not leave time for input, particularly given the inability to hold hearings and conduct in-person meetings during the pandemic.
The report has six relatively uncontroversial calls for specific action in the FY2021 NDAA. It says that Congress should direct the Department of Defense (DoD)…
